• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

Azure Functions Weakness Allows Privilege Escalation

April 9, 2021
Juniper Networks extends connected security with two new updates

5 channel partner program and MSP News update 21 April . 2021

April 22, 2021
Automate Evidence Collection With Hypersync

CyberSheath Enhances Its CMMC Managed Services with CMMCEnclave, the Most Comprehensive CMMC Compliance Platform

April 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Device Connectivity and Edge Intelligence in Resource-Constrained Situations

April 22, 2021
8×8 makes raft of updates to platform

Sysinno Introduces First Available Air Quality Monitor Running on Microsoft Azure Sphere

April 22, 2021
Microsoft renames and unifies more products under Microsoft Defender brand

UK government signs new three-year Memorandum of Understanding with Microsoft

April 22, 2021
Azure Stack, AWS Outposts Poised to Impact Colocation

Aruba accelerates digital transformation from edge to cloud on Microsoft Azure.

April 22, 2021
How to set up Microsoft Cloud App Security

Eurotech Collaborates with Infineon Technologies, Microsoft, and Globalsign for ’Chain of Trust’ Security Solution for the IoT Device Identities

April 22, 2021
GHD accelerates digital transformation to ensure business continuity

ONUG to Address Enterprise Cloud, Cloud Native DevOps, Security & Automation at Biannual Spring 2021 Event

April 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Infosec Teams Expand Use of Security Tools to Address Cloud Complexity, Survey Finds

April 22, 2021
Microsoft continues to extend security for all with mobile protection for Android

HVR Launches Agent as a Service for Microsoft Azure, Establishes Highly Available, Secure and Performant Real-Time Replication Environment for Enterprise Modernization

April 22, 2021
Hackers Cryptojack Microsoft Azure ML Clusters

6clicks partners with Microsoft to bring greater security to Aus Government

April 22, 2021
Seattle Seahawks Shift From Microsoft Azure to Amazon Web Services

Security should start in software engineering

April 21, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, April 22, 2021
  • Login
Azure Security News
  • Home
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Juniper Networks extends connected security with two new updates

    5 channel partner program and MSP News update 21 April . 2021

    Automate Evidence Collection With Hypersync

    CyberSheath Enhances Its CMMC Managed Services with CMMCEnclave, the Most Comprehensive CMMC Compliance Platform

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Device Connectivity and Edge Intelligence in Resource-Constrained Situations

    8×8 makes raft of updates to platform

    Sysinno Introduces First Available Air Quality Monitor Running on Microsoft Azure Sphere

    Microsoft renames and unifies more products under Microsoft Defender brand

    UK government signs new three-year Memorandum of Understanding with Microsoft

    Azure Stack, AWS Outposts Poised to Impact Colocation

    Aruba accelerates digital transformation from edge to cloud on Microsoft Azure.

    How to set up Microsoft Cloud App Security

    Eurotech Collaborates with Infineon Technologies, Microsoft, and Globalsign for ’Chain of Trust’ Security Solution for the IoT Device Identities

    GHD accelerates digital transformation to ensure business continuity

    ONUG to Address Enterprise Cloud, Cloud Native DevOps, Security & Automation at Biannual Spring 2021 Event

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Infosec Teams Expand Use of Security Tools to Address Cloud Complexity, Survey Finds

    Microsoft continues to extend security for all with mobile protection for Android

    HVR Launches Agent as a Service for Microsoft Azure, Establishes Highly Available, Secure and Performant Real-Time Replication Environment for Enterprise Modernization

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Cisco, Google, Microsoft Lead Chorus of New Security Initiatives

    Windows 10 21H1: A small but significant update, with bigger changes to come in 21H2

    Microsoft Touts Secured-Core PCs To Block Driver Exploits

    KDDI Taps Cato SASE for Secure Remote Access

    Juniper Networks inspires overarching approach to connected security

    Going serverless? Rethink your data security approach

    Juniper Networks inspires overarching approach to connected security

    Introducing the Azure Network Security Tech Community and Github Repo

    Cisco, Google, Microsoft Lead Chorus of New Security Initiatives

    Azure WAF Custom Rule Samples and Use Cases

    Aruba ClearPass Policy Manager Integrates with Microsoft

    How Microsoft Is Powering Digital Transformation From the Cloud

    Part 4 – Data Disclosure and Exfiltration Playbook: Azure WAF Security Protection and Detection Lab

    The Mountain Of A Manager

    Microsoft offers startups free cloud tech

    Microsoft Launches Host of Security Products in Time for RSA

    The 14 Best Cloud Security Courses on Pluralsight

    Microsoft Adds Anti-Phishing ‘Campaign Views’ to Office 365 ATP

    How 4 cities are modernizing their IT infrastructure through the cloud

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News

Azure Functions Weakness Allows Privilege Escalation

by AZURE SECURITY NEWS EDITOR
April 9, 2021
in News
0
Microsoft Azure Forms Collaboration to Enhance AI in Healthcare
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

By Tara Seals and Azure Security News

Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said.

A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers.

Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing to disk means that data is handed off to the kernel, where it’s visible to other processes but may not survive a reboot.

The firm found that Azure Functions containers run with the –privileged Docker flag, which means that device files in the /dev directory can be shared between the Docker host and the container guest. The vulnerability stems from the fact that these device files have read-write permissions for “others.”

“The lax permissions on the device files are not standard behavior,” according to the analysis, released on Thursday.

The issue becomes a problem given that the Azure Functions environment contains 52 different partitions with file systems, which can be visible across users, according to Intezer.

“We suspected that these partitions belonged to other Azure Functions clients, but further assessment showed that these partitions were just ordinary file systems used by the same operating system, including pmem0, which is the Docker host’s file system,” researchers explained.

“This could become dangerous in the case where the attackers have access to the victims’ environment, as a low-privileges user,” Ari Eitan, vice president of research at Intezer, told Theatpost. “Using this vulnerability, an attacker can escalate privileges and do things he should not do (read files from the file system, for example).”

Further, while the bug is not a direct Docker escape vulnerability, “if a user is able to escalate to root, they would be able to escape to the Docker host using various Docker escape techniques,” he said. “Merging those two together is a great power for attackers.”

Royal Flush Cloud-Container Exploit

To probe for attack paths that could arise from this setup, the researchers created a local test container. They found that using the Debugfs utility (a special utility used for debugging the Linux kernel, which can be used to examine and change the state of a file system), an unprivileged user can easily traverse the Azure Functions file system. And, it turns out that an unprivileged user can also directly edit any files found within.

“At first, we tried to edit the file’s contents using the zap_block command by directly editing file system blocks’ contents,” according to the analysis. “Internally, the Linux kernel treats these changes to the *device file* /dev/sda5, and they are write-cached in a different location than changes to the *regular file* /etc/passwd. As a result, it is required to flush changes to disk, but this flush is handled by the Debugfs utility.”

However, researchers were able to find a way around this limitation on making direct changes to files.

“First, we created a hard link via Debugfs into our container’s diff directory so that changes would radiate to our container,” researchers explained. The diff directory is a full enumeration of the objects within the container.

They added, “This hard link still requires root permissions to edit, so we still had to use zap_block to edit its content. We then used posix_fadvise to instruct the kernel to discard pages from the read cache (flush them, hence the name of the technique), inspired by a project named ‘pagecache management.’ This caused the kernel to load our changes and we were finally able to propagate them to the Docker host file system.”

Debugfs also supports a write-mode, allowing users to make changes to the underlying disk, noted researchers: “It’s important to note that writing to a mounted disk is generally a bad idea as it can cause corruption in the disk,” they added.

With the ability to edit arbitrary files belonging to the Docker host, an attacker can make changes to the /etc/ld.so.preload file, researchers explained – which would allow a “preload-hijack” attack that spreads a malicious shared object through the container’s diff directory.

“This file could be preloaded into every process in the Docker host system (we previously documented HiddenWasp malware using this technique) and thus the attacker would be able to execute malicious code on the Docker host,” according to the analysis.

Intezer reported the vulnerability to Microsoft Security Response Center (MSRC), but no patch will be forthcoming. The computing giant determined that the vulnerability “has no security impact on Azure Functions users,” according to the analysis, because the Docker host used by the researchers was actually a HyperV guest and thus protected with another sandboxing layer. That’s not to say though that the weakness couldn’t be dangerous in a different configuration.

“Despite the fact that MSRC says there’s nothing to worry about, we believe that an advanced attacker could take advantage of this vulnerability and that it could help him as part of an attack,” Eitan said. “This is why we published it.”

The researchers provided proof-of-concept exploit code as well:

Microsoft did not immediately return a request for comment.

“Cases like this underscore that vulnerabilities are sometimes unknown or out of the cloud consumer’s control,” Intezer recommended. “A two-pronged approach to cloud security is recommended: Do the basics, like fixing known vulnerabilities and hardening your systems to decrease the likelihood of getting attacked, as well as implementing runtime protection to detect and respond to post-vulnerability exploitation and other in-memory attacks as they occur.”

Source : https://threatpost.com/azure-functions-privilege-escalation/165307/

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Juniper Networks extends connected security with two new updates

5 channel partner program and MSP News update 21 April . 2021

by AZURE SECURITY NEWS EDITOR
April 22, 2021
0

By  Joe Panettieri Azure Security News Here are five (actually, more) technology news updates, insights, chatter, and plenty more to...

Automate Evidence Collection With Hypersync

CyberSheath Enhances Its CMMC Managed Services with CMMCEnclave, the Most Comprehensive CMMC Compliance Platform

by AZURE SECURITY NEWS EDITOR
April 22, 2021
0

-CyberSheath Services International today introduced the next evolution of its CMMC Managed Services, including its CMMCEnclave. Based on Microsoft Azure, CMMCEnclave is...

Microsoft To Build New Azure Cloud Data Centers In Greece

Device Connectivity and Edge Intelligence in Resource-Constrained Situations

by AZURE SECURITY NEWS EDITOR
April 22, 2021
0

The migration to more sophisticated cloud-based IoT functionality is relentless and rapid. However, ensuring optimal functionality in the complicated infrastructure...

8×8 makes raft of updates to platform

Sysinno Introduces First Available Air Quality Monitor Running on Microsoft Azure Sphere

by AZURE SECURITY NEWS EDITOR
April 22, 2021
0

Sysinno Technology Inc., an Innodisk shareholding company, is excited to announce that their iAeris line of indoor air quality detectors will...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Analyzing Azure Active Directory Sign-In Data with PowerShell

December 18, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Juniper Networks extends connected security with two new updates

5 channel partner program and MSP News update 21 April . 2021

April 22, 2021
Automate Evidence Collection With Hypersync

CyberSheath Enhances Its CMMC Managed Services with CMMCEnclave, the Most Comprehensive CMMC Compliance Platform

April 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Device Connectivity and Edge Intelligence in Resource-Constrained Situations

April 22, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In